ppt-web / tests /test_auth_middleware_public_context.py
26fwyzpz6f-max
Clean deploy without binary files
6aecb2e
Raw
History Blame Contribute Delete
2.83 kB
import pytest
from starlette.requests import Request
from starlette.responses import Response
from landppt.auth import middleware as auth_middleware_module
from landppt.auth.middleware import AuthMiddleware
class _FakeUser:
def __init__(self, user_id: int = 1, is_admin: bool = False):
self.id = user_id
self.is_admin = is_admin
class _FakeAuthService:
def __init__(self, user=None):
self.user = user
self.session_calls = []
self.api_key_calls = []
def get_user_by_api_key(self, db, api_key):
self.api_key_calls.append(api_key)
return None
def get_user_by_session(self, db, session_id):
self.session_calls.append(session_id)
return self.user
def _build_request(path: str, cookie: str = "") -> Request:
headers = []
if cookie:
headers.append((b"cookie", cookie.encode("utf-8")))
scope = {
"type": "http",
"http_version": "1.1",
"method": "GET",
"scheme": "http",
"path": path,
"raw_path": path.encode("utf-8"),
"query_string": b"",
"headers": headers,
"client": ("127.0.0.1", 12345),
"server": ("testserver", 80),
}
return Request(scope)
async def _fake_cached_session_none(session_id):
return None
async def _fake_call_next(request: Request) -> Response:
return Response(content="ok", media_type="text/plain")
def _fake_get_db():
yield object()
@pytest.mark.asyncio
async def test_public_page_populates_request_state_user_when_session_is_valid(monkeypatch):
middleware = AuthMiddleware()
middleware.auth_service = _FakeAuthService(user=_FakeUser(user_id=7))
monkeypatch.setattr(middleware, "_get_user_from_session_cache", _fake_cached_session_none)
monkeypatch.setattr(auth_middleware_module, "get_db", _fake_get_db)
request = _build_request("/sponsors", "session_id=valid-session")
response = await middleware(request, _fake_call_next)
assert response.status_code == 200
assert request.state.user is not None
assert request.state.user.id == 7
assert middleware.auth_service.session_calls == ["valid-session"]
@pytest.mark.asyncio
async def test_public_page_skips_optional_auth_for_static_assets(monkeypatch):
middleware = AuthMiddleware()
middleware.auth_service = _FakeAuthService(user=_FakeUser(user_id=9))
monkeypatch.setattr(middleware, "_get_user_from_session_cache", _fake_cached_session_none)
monkeypatch.setattr(auth_middleware_module, "get_db", _fake_get_db)
request = _build_request("/static/images/logo.png", "session_id=valid-session")
response = await middleware(request, _fake_call_next)
assert response.status_code == 200
assert request.state.user is None
assert middleware.auth_service.session_calls == []